Yearn Hack Sparks $1.7M DeFi Insurance Claim Controversy

Last week’s Yearn Finance hack has a DeFi user wrestling with an insurance protocol over a $1.7M claim.

Twitter user kferretcrypto, who bought a claim provided by Nexus Mutual, an insurance protocol, in September, tweeted on Feb. 6 that the Yearn hack triggered a 1,000 Ether payout (or about $1.7M), by ArmorFi, an insurance aggregator protocol, in which he staked his claim. ArmorFi disagrees.

The conflict highlights the risk of interacting with early stage DeFi platforms, where rules are just being laid out. The emerging nature of the space means that both users and project teams will sometimes have to wade through uncharted territory as procedures are more clearly defined.

The user says the token he holds entitles him to an insurance claim payout, the project says it doesn’t, and that the funds from the claim should go to their own Treasury, as per the protocol’s design, where they will return to Nexus Mutual coverage pools.

Specifics

More specifically, the crux of the issue lies in whether the staked token, called an arNFT, ArmorFi’s non-fungible ERC-721 token wrapper for Nexus Mutual claims, provides coverage to the staker, in this case kferretcrypto, or to ArmorFi’s treasury reserve and by extension Nexus Mutual coverage providers. The project’s reserve functions as a backstop for its arNXM yield vault, in which ArmorFi users can deposit wNXM, minted by KYC-ed members of Nexus Mutual, and earn rewards previously only accessible to Nexus’ members.

ArmorFi claims that the protocol retains all rights to staked arNFTs. The project’s documentation notes that “staked arNFT do not provide coverage to the user who staked them.”

ArmorFi’s governance token, ARMOR, has dropped 34% to $0.88 since the Yearn hack compared with Ether’s 12% rise over the same period.

Nexus Mutual has already approved the claim, which the ArmorFi protocol submitted on Feb. 7.

Muddy Ownership Waters

Twitter user kferretcrypto originally bought a yInsure NFT (yNFT) which held Nexus Mutual’s cover on potential Yearn hacks on Sep. 16 2020. He then converted the yNFT to an arNFT, “since it was supposed to be an upgrade and allows for staking on Armor,” before staking the asset in the arNFT vault, kferretcrypto told The Defiant.

Worth noting is the coverage kferretcrypto purchased does not require proof of loss, meaning that the asset’s owner does not need to prove that their funds were lost because of a hack in order to receive a payout. Nexus Mutual has since upgraded the protocol to require proof of loss.

Kferretcrypto, in response to the Yearn hack, initiated the unstaking process for the arNFT, as the asset now holds cover worth 1,000 ETH.

There is a seven-day waiting period after an arNFT is unstaked, during which, the company claims, ArmorFi retains rights to the asset. In the project’s eyes, the payout should flow into the protocol’s treasury reserve which will then redeposit it into Nexus Mutual coverage pools.

“At the time I staked my arNFT,” kferretcrypto told The Defiant, “the documentation (ArmorFi’s) did not reflect the current working product at all.” Because of this, the cover purchaser said he decided to rely on ArmorFi’s co-founder’s Azeem Ahmed’s comments in the project’s Discord channel, in which Ahmed allegedly stated that users retain coverage even after staking.

ArmorFi’s CTO countered this claim on Twitter, saying that kferretcrypto staked his arNFT before asking the questions about which party retains coverage rights after staking, suggesting that the claim buyer did not stake based on statements in the ArmorFi Discord as he has claimed.

Kferretcrypto may resort to legal action in light of what he believes that “when all of the facts are laid out, it will be extremely clear they are in the wrong.”

ArmorFi’s Perspective

ArmorFi responded on Twitter, saying that the team created a timestamp to compile other verified eligible claims submitted in response to the Yearn hack.

“We are providing coverage for the coverage providers in the arNXM vault,” Ahmed told The Defiant. “Other claim payouts for the Yearn hack hit the stakers for another 400 ETH,” he continued, “our Treasury Reserve is going to cover that shortfall.”

The staked assets in the arNXM vault have been depleted as they are used to pay out other Nexus Mutual covers (ones which are not staked as arNFTs). The Yearn hack triggered 400 ETH’s worth of payouts.

Ahmed went on to stress that ArmorFi’s “Treasury Reserve is ultimately paying for Nexus Mutual’s payouts to successful claims for the Yearn hack.”

Growing Pains

As DeFi matures, and projects exist in gray areas of development, especially before transferring full control to a protocol’s community, there are bound to be both honest miscommunications and shifting incentives as underlying assets change, and often gain, in value.

It’s unclear whether kferretcrypto or ArmorFi are in the right in this scenario, and both have extended olive branches with the former offering $100K to benefit Armor members who would have suffered staking losses and Ahmed offering 500K in Armor tokens, worth ~$500K at the time of writing to the claim’s purchaser.

At the time of writing neither party has formally accepted each other’s offer.

Supporters of open finance surely hope the situation can resolve itself with moderate degrees of satisfaction from both parties, though $1.7M is certainly a sum that’s hard to walk away from.

[STORY UPDATED @4:13PM EST to correct Ahmed’s participation in Yieldfarming.insure, add that ArmorFi submitted kferrertcrypto’s claim, and highlight that funds from the claim would go directly to Nexus Mutual coverage pools.]